Snippet List
This is based on [snippet 501](http://www.djangosnippets.org/snippets/501/), with some corrections:
1. if user doesn't exist and AD.authenticate passes, then create new user - don't store password - prevent default django auth backend authentication
2. if user exists and AD.authenticate passes - django User object is updated
3. various error handling
4. fixes (some mentioned in original snippet)
5. some settings removed from settings to backend module
6. other changes (ADUser class, re-indent, logging etc.)
7. ignores problem with search_ext_s (DSID-0C090627)
8. caching connection - when invalid then re-connect and try again
Note that there is also ldaps:// (SSL version) django auth backend on [snippet 901](http://www.djangosnippets.org/snippets/901/).
Possible improvements:
1. define new settings param - use secured - then LDAPS (snippet 901)
2. define new settings extra ldap options - e.g. protocol version
3. fetch more data from AD - fill in user data - maybe to make this configurable to be able to update user.get_profile() data too (some settings that has mapping AD-data -> User/UserProfile data)
- auth
- ldap
- active-directory
- backend
An example of how to modify the admin user creation form to assign an unusable password to externally authenticated users when they are created.
This code is more intimate with the django.contrib.auth classes than I'd like, but it should be fairly straightforward to maintain should the relevant django.contrib.auth classes change.
I had some trouble getting other peoples code to work for AD support, so I wrote my own which authenticates against LDAP and will also use SSL and cert if required. It will also verify that an autheticated user has specific group membership before authorizing.
This will also debug to a file, which is really helpful when trying to figure out problems.
One thing that really got me when getting python-ldap to work was that you must have "ldap.set_option(ldap.OPT_REFERRALS,0)" set or any ldap search will not work.
Also, this will add group permissions to a user.
- authentication
- ssl
- ldap
- active-directory
I put this in a file called auth.py, then referenced it in the settings.py like so:
AUTHENTICATION_BACKENDS = ('myproject.myapp.auth.ActiveDirectoryBackend',)
This has been tested on my office network, with the following setup:
Django 0.96
Python 2.4.4
python-ldap
Fedora Core 5 (On the server hosting Django)
AD Native Mode
2 Windows 2003 AD servers
- auth
- ldap
- active-directory
- backend
6 snippets posted so far.